Move Azure external Load Balancer to another region using Azure PowerShell
There are various scenarios in which you'd want to move your existing external load balancer from one region to another. For example, you may want to create an external load balancer with the same configuration for testing. You may also want to move an external load balancer to another region as part of disaster recovery planning.
Azure external load balancers can't be moved from one region to another. You can however, use an Azure Resource Manager template to export the existing configuration and public IP of an external load balancer. You can then stage the resource in another region by exporting the load balancer and public IP to a template, modifying the parameters to match the destination region, and then deploy the templates to the new region. For more information on Resource Manager and templates, see Export resource groups to templates
Prerequisites
Make sure that the Azure external load balancer is in the Azure region from which you want to move.
Azure external load balancers can't be moved between regions. You have to associate the new load balancer to resources in the target region.
To export an external load balancer configuration and deploy a template to create an external load balancer in another region, you need the Network Contributor role or higher.
Identify the source networking layout and all the resources that you're currently using. This layout includes but isn't limited to load balancers, network security groups, public IPs, and virtual networks.
Verify that your Azure subscription allows you to create external load balancers in the target region that's used. Contact support to enable the required quota.
Make sure that your subscription has enough resources to support the addition of load balancers for this process. See Azure subscription and service limits, quotas, and constraints
Prepare and move
The following steps show how to prepare the external load balancer for the move using a Resource Manager template, and move the external load balancer configuration to the target region using Azure PowerShell. As part of this process, the public IP configuration of the external load balancer must be included and must me done first before moving the external load balancer.
Note
We recommend that you use the Azure Az PowerShell module to interact with Azure. See Install Azure PowerShell to get started. To learn how to migrate to the Az PowerShell module, see Migrate Azure PowerShell from AzureRM to Az.
Export the public IP template and deploy from Azure PowerShell
Sign in to your Azure subscription with the Connect-AzAccount command and follow the on-screen directions:
Connect-AzAccountObtain the resource ID of the public IP you want to move to the target region and place it in a variable using Get-AzPublicIPAddress:
$sourcePubIPID = (Get-AzPublicIPaddress -Name <source-public-ip-name> -ResourceGroupName <source-resource-group-name>).IdExport the source public IP to a .json file into the directory where you execute the command Export-AzResourceGroup:
Export-AzResourceGroup -ResourceGroupName <source-resource-group-name> -Resource $sourceVNETID -IncludeParameterDefaultValueThe file downloaded will be named after the resource group the resource was exported from. Locate the file that was exported from the command named <resource-group-name>.json and open it in an editor of your choice:
notepad.exe <source-resource-group-name>.jsonTo edit the parameter of the public IP name, change the property defaultValue of the source public IP name to the name of your target public IP, ensure the name is in quotes:
{ "$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#", "contentVersion": "1.0.0.0", "parameters": { "publicIPAddresses_myVM1pubIP_name": { "defaultValue": "<target-publicip-name>", "type": "String" } }To edit the target region where the public IP will be moved, change the location property under resources:
"resources": [ { "type": "Microsoft.Network/publicIPAddresses", "apiVersion": "2019-06-01", "name": "[parameters('publicIPAddresses_myPubIP_name')]", "location": "<target-region>", "sku": { "name": "Standard", "tier": "Regional" }, "properties": { "provisioningState": "Succeeded", "resourceGuid": "7549a8f1-80c2-481a-a073-018f5b0b69be", "ipAddress": "52.177.6.204", "publicIPAddressVersion": "IPv4", "publicIPAllocationMethod": "Static", "idleTimeoutInMinutes": 4, "ipTags": [] } } ]To obtain region location codes, you can use the Azure PowerShell cmdlet Get-AzLocation by running the following command:
Get-AzLocation | format-tableYou can also change other parameters in the template if you choose, and are optional depending on your requirements:
Sku - You can change the sku of the public IP in the configuration from Standard to Basic or Basic to Standard by altering the sku > name property in the <resource-group-name>.json file:
"resources": [ { "type": "Microsoft.Network/publicIPAddresses", "apiVersion": "2019-06-01", "name": "[parameters('publicIPAddresses_myPubIP_name')]", "location": "<target-region>", "sku": { "name": "Standard", "tier": "Regional" },For more information on the differences between basic and standard sku public ips, see Create, change, or delete a public IP address.
Availability zone. You can change the zone(s) of the public IP by changing the zone property. If the zone property isn't specified, the public IP is created as no-zone. You can specify a single zone to create a zonal public IP or all three zones for a zone-redundant public IP.
"resources": [ { "type": "Microsoft.Network/publicIPAddresses", "apiVersion": "2019-06-01", "name": "[parameters('publicIPAddresses_myPubIP_name')]", "location": "<target-region>", "sku": { "name": "Standard", "tier": "Regional" }, "zones": [ "1", "2", "3" ],Public IP allocation method and Idle timeout - You can change both of these options in the template by altering the publicIPAllocationMethod property from Static to Dynamic or Dynamic to Static. The idle timeout can be changed by altering the idleTimeoutInMinutes property to your desired amount. The default is 4:
"resources": [ { "type": "Microsoft.Network/publicIPAddresses", "apiVersion": "2019-06-01", "name": "[parameters('publicIPAddresses_myPubIP_name')]", "location": "<target-region>", "sku": { "name": "Standard", "tier": "Regional" }, "properties": { "provisioningState": "Succeeded", "resourceGuid": "7549a8f1-80c2-481a-a073-018f5b0b69be", "ipAddress": "52.177.6.204", "publicIPAddressVersion": "IPv4", "publicIPAllocationMethod": "Static", "idleTimeoutInMinutes": 4, "ipTags": [] } }For more information on the allocation methods and the idle timeout values, see Create, change, or delete a public IP address.
Save the <resource-group-name>.json file.
Create a resource group in the target region for the target public IP to be deployed using New-AzResourceGroup.
New-AzResourceGroup -Name <target-resource-group-name> -location <target-region>Deploy the edited <resource-group-name>.json file to the resource group created in the previous step using New-AzResourceGroupDeployment:
New-AzResourceGroupDeployment -ResourceGroupName <target-resource-group-name> -TemplateFile <source-resource-group-name>.jsonTo verify the resources were created in the target region, use Get-AzResourceGroup and Get-AzPublicIPAddress:
Get-AzResourceGroup -Name <target-resource-group-name>Get-AzPublicIPAddress -Name <target-publicip-name> -ResourceGroupName <target-resource-group-name>
Export the external load balancer template and deploy from Azure PowerShell
Sign in to your Azure subscription with the Connect-AzAccount command and follow the on-screen directions:
Connect-AzAccountObtain the resource ID of the external load balancer you want to move to the target region and place it in a variable using Get-AzLoadBalancer:
$sourceExtLBID = (Get-AzLoadBalancer -Name <source-external-lb-name> -ResourceGroupName <source-resource-group-name>).IdExport the source external load balancer configuration to a .json file into the directory where you execute the command Export-AzResourceGroup:
Export-AzResourceGroup -ResourceGroupName <source-resource-group-name> -Resource $sourceExtLBID -IncludeParameterDefaultValueThe file downloaded will be named after the resource group the resource was exported from. Locate the file that was exported from the command named <resource-group-name>.json and open it in an editor of your choice:
notepad.exe <source-resource-group-name>.jsonTo edit the parameter of the external load balancer name, change the property defaultValue of the source external load balancer name to the name of your target external load balancer, ensure the name is in quotes:
"$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#", "contentVersion": "1.0.0.0", "parameters": { "loadBalancers_myLoadbalancer_ext_name": { "defaultValue": "<target-external-lb-name>", "type": "String" }, "publicIPAddresses_myPubIP_in_externalid": { "defaultValue": "<target-publicIP-resource-ID>", "type": "String" },To edit value of the target public IP that was moved above, you must first obtain the resource ID and then copy and paste it into the <resource-group-name>.json file. To obtain the ID, use Get-AzPublicIPAddress:
$targetPubIPID = (Get-AzPublicIPaddress -Name <target-public-ip-name> -ResourceGroupName <target-resource-group-name>).IdType the variable and hit enter to display the resource ID. Highlight the ID path and copy it to the clipboard:
PS C:\> $targetPubIPID /subscriptions/7668d659-17fc-4ffd-85ba-9de61fe977e8/resourceGroups/myResourceGroupLB-Move/providers/Microsoft.Network/publicIPAddresses/myPubIP-in-moveIn the <resource-group-name>.json file, paste the Resource ID from the variable in place of the defaultValue in the second parameter for the public IP external ID, ensure you enclose the path in quotes:
"$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#", "contentVersion": "1.0.0.0", "parameters": { "loadBalancers_myLoadbalancer_ext_name": { "defaultValue": "<target-external-lb-name>", "type": "String" }, "publicIPAddresses_myPubIP_in_externalid": { "defaultValue": "<target-publicIP-resource-ID>", "type": "String" },If you have configured outbound NAT and outbound rules for the load balancer, a third entry is present in this file for the external ID for the outbound public IP. Repeat the steps above in the target region to obtain the ID for the outbound public iP and paste that entry into the <resource-group-name>.json file:
"$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#", "contentVersion": "1.0.0.0", "parameters": { "loadBalancers_myLoadbalancer_ext_name": { "defaultValue": "<target-external-lb-name>", "type": "String" }, "publicIPAddresses_myPubIP_in_externalid": { "defaultValue": "<target-publicIP-resource-ID>", "type": "String" }, "publicIPAddresses_myPubIP_out_externalid": { "defaultValue": "<target-publicIP-outbound-resource-ID>", "type": "String" } },To edit the target region where the external load balancer configuration will be moved, change the location property under resources in the <resource-group-name>.json file:
"resources": [ { "type": "Microsoft.Network/loadBalancers", "apiVersion": "2019-06-01", "name": "[parameters('loadBalancers_myLoadBalancer_name')]", "location": "<target-external-lb-region>", "sku": { "name": "Standard", "tier": "Regional" },To obtain region location codes, you can use the Azure PowerShell cmdlet Get-AzLocation by running the following command:
Get-AzLocation | format-tableYou can also change other parameters in the template if you choose, and are optional depending on your requirements:
Sku - You can change the sku of the external load balancer in the configuration from standard to basic or basic to standard by altering the sku > name property in the <resource-group-name>.json file:
"resources": [ { "type": "Microsoft.Network/loadBalancers", "apiVersion": "2019-06-01", "name": "[parameters('loadBalancers_myLoadBalancer_name')]", "location": "<target-external-lb-region>", "sku": { "name": "Standard", "tier": "Regional" },For more information on the differences between basic and standard sku load balancers, see Azure Standard Load Balancer overview
Load balancing rules - You can add or remove load balancing rules in the configuration by adding or removing entries to the loadBalancingRules section of the <resource-group-name>.json file:
"loadBalancingRules": [ { "name": "myInboundRule", "etag": "W/\"39e5e9cd-2d6d-491f-83cf-b37a259d86b6\"", "properties": { "provisioningState": "Succeeded", "frontendIPConfiguration": { "id": "[concat(resourceId('Microsoft.Network/loadBalancers', parameters('loadBalancers_myLoadBalancer_name')), '/frontendIPConfigurations/myfrontendIPinbound')]" }, "frontendPort": 80, "backendPort": 80, "enableFloatingIP": false, "idleTimeoutInMinutes": 4, "protocol": "Tcp", "enableTcpReset": false, "loadDistribution": "Default", "disableOutboundSnat": true, "backendAddressPool": { "id": "[concat(resourceId('Microsoft.Network/loadBalancers', parameters('loadBalancers_myLoadBalancer_name')), '/backendAddressPools/myBEPoolInbound')]" }, "probe": { "id": "[concat(resourceId('Microsoft.Network/loadBalancers', parameters('loadBalancers_myLoadBalancer_name')), '/probes/myHTTPProbe')]" } } } ]For more information on load balancing rules, see What is Azure Load Balancer?
Probes - You can add or remove a probe for the load balancer in the configuration by adding or removing entries to the probes section of the <resource-group-name>.json file:
"probes": [ { "name": "myHTTPProbe", "etag": "W/\"39e5e9cd-2d6d-491f-83cf-b37a259d86b6\"", "properties": { "provisioningState": "Succeeded", "protocol": "Http", "port": 80, "requestPath": "/", "intervalInSeconds": 15, "numberOfProbes": 2 } } ],For more information on Azure Load Balancer health probes, see Load Balancer health probes
Inbound NAT rules - You can add or remove inbound NAT rules for the load balancer by adding or removing entries to the inboundNatRules section of the <resource-group-name>.json file:
"inboundNatRules": [ { "name": "myInboundNATRule", "etag": "W/\"39e5e9cd-2d6d-491f-83cf-b37a259d86b6\"", "properties": { "provisioningState": "Succeeded", "frontendIPConfiguration": { "id": "[concat(resourceId('Microsoft.Network/loadBalancers', parameters('loadBalancers_myLoadBalancer_name')), '/frontendIPConfigurations/myfrontendIPinbound')]" }, "frontendPort": 4422, "backendPort": 3389, "enableFloatingIP": false, "idleTimeoutInMinutes": 4, "protocol": "Tcp", "enableTcpReset": false } } ]To complete the addition or removal of an inbound NAT rule, the rule must be present or removed as a type property at the end of the <resource-group-name>.json file:
{ "type": "Microsoft.Network/loadBalancers/inboundNatRules", "apiVersion": "2019-06-01", "name": "[concat(parameters('loadBalancers_myLoadBalancer_name'), '/myInboundNATRule')]", "dependsOn": [ "[resourceId('Microsoft.Network/loadBalancers', parameters('loadBalancers_myLoadBalancer_name'))]" ], "properties": { "provisioningState": "Succeeded", "frontendIPConfiguration": { "id": "[concat(resourceId('Microsoft.Network/loadBalancers', parameters('loadBalancers_myLoadBalancer_name')), '/frontendIPConfigurations/myfrontendIPinbound')]" }, "frontendPort": 4422, "backendPort": 3389, "enableFloatingIP": false, "idleTimeoutInMinutes": 4, "protocol": "Tcp", "enableTcpReset": false } }For more information on inbound NAT rules, see What is Azure Load Balancer?
Outbound rules - You can add or remove outbound rules in the configuration by editing the outboundRules property in the <resource-group-name>.json file:
"outboundRules": [ { "name": "myOutboundRule", "etag": "W/\"39e5e9cd-2d6d-491f-83cf-b37a259d86b6\"", "properties": { "provisioningState": "Succeeded", "allocatedOutboundPorts": 10000, "protocol": "All", "enableTcpReset": false, "idleTimeoutInMinutes": 15, "backendAddressPool": { "id": "[concat(resourceId('Microsoft.Network/loadBalancers', parameters('loadBalancers_myLoadBalancer_name')), '/backendAddressPools/myBEPoolOutbound')]" }, "frontendIPConfigurations": [ { "id": "[concat(resourceId('Microsoft.Network/loadBalancers', parameters('loadBalancers_myLoadBalancer_name')), '/frontendIPConfigurations/myfrontendIPoutbound')]" } ] } } ]For more information on outbound rules, see Load Balancer outbound rules
Save the <resource-group-name>.json file.
Create or a resource group in the target region for the target external load balancer to be deployed using New-AzResourceGroup. The existing resource group from above can also be reused as part of this process:
New-AzResourceGroup -Name <target-resource-group-name> -location <target-region>Deploy the edited <resource-group-name>.json file to the resource group created in the previous step using New-AzResourceGroupDeployment:
New-AzResourceGroupDeployment -ResourceGroupName <target-resource-group-name> -TemplateFile <source-resource-group-name>.jsonTo verify the resources were created in the target region, use Get-AzResourceGroup and Get-AzLoadBalancer:
Get-AzResourceGroup -Name <target-resource-group-name>Get-AzLoadBalancer -Name <target-publicip-name> -ResourceGroupName <target-resource-group-name>
Discard
After the deployment, if you wish to start over or discard the public IP and load balancer in the target, delete the resource group that was created in the target and the moved public IP and load balancer will be deleted. To remove the resource group, use Remove-AzResourceGroup:
Remove-AzResourceGroup -Name <resource-group-name>
Clean up
To commit the changes and complete the move of the NSG, delete the source NSG or resource group, use Remove-AzResourceGroup or Remove-AzPublicIpAddress and Remove-AzLoadBalancer
Remove-AzResourceGroup -Name <resource-group-name>
Remove-AzLoadBalancer -name <load-balancer> -ResourceGroupName <resource-group-name>
Remove-AzPublicIpAddress -Name <public-ip> -ResourceGroupName <resource-group-name>
Next steps
In this tutorial, you moved an Azure network security group from one region to another and cleaned up the source resources. To learn more about moving resources between regions and disaster recovery in Azure, refer to:
Feedback
Coming soon: Throughout 2024 we will be phasing out GitHub Issues as the feedback mechanism for content and replacing it with a new feedback system. For more information see: https://aka.ms/ContentUserFeedback.
Submit and view feedback for